From System House to Managed Service Provider: pco GmbH Builds Successful SOC Services with Trend Micro


Since its foundation in 1984, Osnabrück-based pco GmbH (www.pco-online.de) has transitioned from a mainly regionally active system house to one of Germany’s leading IT service providers. Among the focal points of customer demand in pco’s extensive portfolio are Security Operations Center (SOC) services, which combine in-house expertise with technical infrastructures and expert support from Trend Micro. The transformation from a pure system house with on-call service to a 24x7 managed security service provider (MSSP) took place step by step and as a logical consequence of changing customer needs and growing technical possibilities.

Organic service development through customer demand

“Around 2018, many of our medium enterprise customers started to move into the cloud,” says Marcel Sievers, business development manager at pco. “At that time, the Trend Micro portfolio already contained powerful software-as-a-service offerings for security in and from the cloud. Customers no longer had to operate all systems in their own data centers but could obtain the same performance from Trend Micro with less effort and greater stability. The potential was obvious.”

As a result, pco convinced almost all customers of the efficiency benefits of switching to SaaS solutions with corresponding license models. The trend towards the cloud was already in full swing when the Covid pandemic and the obligation to work from home added additional momentum. However, the exceptional situation attracted criminal elements, so cyber attacks on pco customers increased considerably. A wave of calls for help followed, underlining the immense need for professional security support.

Shortage of skilled personnel jeopardizes security

“We can’t say no to emergency calls,” says Marcel Sievers, which is why pco has guided several medium-sized companies with 3,000 to 5,000 employees through major cyber incidents. “During these rescue missions, our team realized that Trend Micro offers a top solution not only for acute incidents but also for early detection and investigation.” As a result, pco built its services around the Trend Micro portfolio and had immediate success with medium-sized businesses. But then a problem emerged: “Many customers had invested in security, but critical alarms were still detected too late. We found detailed early warnings in the log files, but companies lacked the staff for analysis and reaction. IT departments can’t perform these tasks on the side.”

We’ve been working perfectly with Trend Micro for several years to deliver our SOC service.

Marcel Sievers
Business Development Manager, pco

Motivated by customer needs, pco moved away from the classic on-call model of a system house and created an SOC with dedicated security readiness. For a provisioning fee, customers are given the option of transferring alarms and notifications directly to pco. Networks, servers, Internet services, and other security-relevant systems or log files are monitored 24x7 by pco analysts in the SOC.

Technologically, the SOC service from pco builds on Trend Micro XDR, a platform for organization-wide Extended Detection & Response (XDR). XDR automatically collects and correlates security-relevant data across endpoints, email, servers, cloud workloads, and networks. The resulting data lake is enriched with Trend Micro threat intelligence and vulnerability information from the Zero Day Initiative. The combined data is then analyzed using advanced methods such as machine learning. With a Managed XDR Service, Trend Micro threat experts continuously monitor and analyze incoming telemetry data from the customer environment so that companies are warned earlier of new and hidden threats.

In the event of anomalies and acute dangers, the control center immediately triggers meaningful alarms and initiates appropriate defense measures. In close cooperation with the second-level support of the customer’s IT department, further measures can be planned and implemented immediately. In addition, pco has developed special runbooks that support these processes.

Proven partnership to deliver SOC services

“We’ve been working perfectly with Trend Micro for several years to deliver our SOC service. Our experts contribute their specialist and customer-specific expertise and take charge of the crisis management, while our colleagues at Trend Micro act as wingmen and provide analyses, reports, and recommendations,” says Marcel Sievers.

Crisis management covers the structured technical restart and includes open communication with management and contact with cyber insurance companies or law enforcement authorities. Many years of experience and its position as an APT response provider recognized by the German Federal Office for Information Security (BSI) enable pco to avoid many pitfalls from the outset, such as clarifying liability issues in the customer’s favor. Thanks to the established cooperation with regional law enforcement authorities and the Federal Criminal Police Office, it has been possible to prevent the publication of sensitive stolen data and avert ransom demands from ransomware attackers.

Trend Service One complements SOC services

Customers can complement pco SOC services with Trend Service One to achieve increased levels of support and attack readiness. One example is Engbers, a men’s fashion specialist with over 300 shops and 1,780 employees in Germany and Austria. In addition to the pco SOC service, Engbers has opted for premium support with Trend Service One Complete, including global 24x7x365 support with prioritized case handling, a designated service manager, and an exceptional onboarding service.

Service One Complete customers benefit from Targeted Attack Detection, which looks for early signs of attacks. Companies receive recommendations for the next steps based on predictions of upcoming attack actions. Service One customers also have access to the Trend Micro Incident Response Team, a group of highly qualified experts for crisis management, threat hunting, forensics, and compliance.

With the pco SOC service and Trend Micro Service One Complete, we have world-class experts at our side in every phase of the threat lifecycle. In addition to this, our IT department can concentrate on its actual core task: supporting and optimizing our business operations.

Stefan Siniawa
Team Lead Systemintegration and IT-Support, Engbers

SOC analysts relieved by Trend Micro SOAR

Even sustained success can be challenging: Growing customer numbers and increasing security incidents required a temporary onboarding stop for new customers to maintain service quality. This situation was alleviated by the introduction of a powerful Security Orchestration, Automation, and Response (SOAR) solution to Trend Micro’s portfolio.

With the SOAR solution, MSSPs can manage the incident response processes across multiple customers. In addition, service providers benefit from intelligent log aggregation, which facilitates data ingestion and enrichment from various Trend Micro and third-party sources (e.g., firewall, Citrix Netscaler).

“With the introduction of Trend Micro SOAR and SIEM, we have increased efficiency in the SOC even further. Our analysts are now relieved of routine tasks, especially in the night shift,” says Marcel Sievers. “Customers benefit greatly from a much broader perspective on their attack surfaces and significantly accelerated responses.”

Perfectly positioned for the future with Trend Micro

Thanks to the expansion of the SOC’s staff and the introduction of SOAR and SIEM technologies, pco can provide a more comprehensive service, faster response times, and improved customer security. The technology also allows for a much more transparent cost structure: In the past, customers paid a basic fee plus a sum for accrued analyst working hours, regardless of whether these were caused by real or false alarms. This practice could result in monthly invoices with widely differing amounts. In the new pricing model, the processing of false positives, which make up 90 percent of total volume, is completely free of charge. This offers customers better planning security.

“Almost all of our customers were immediately won over by the improved financial planning capabilities and enhanced security, even though the costs for our service had increased,” says Marcel Sievers. “With our SOC, we have positioned ourselves perfectly in the market, both economically and technologically. Our customers appreciate that. That’s why we are optimistic about the future and look forward to continuing our successful collaboration with Trend Micro.”